Title: Malware code injection! Please HELP!
Last modified: August 24, 2016

---

# Malware code injection! Please HELP!

 *  Resolved [Beshken](https://wordpress.org/support/users/beshken/)
 * (@beshken)
 * [11 years ago](https://wordpress.org/support/topic/malware-code-injection-please-help/)
 * Yesterday Google sent me an alert via Webmaster Tools. It said:
    Malware code injection
   Suspicious snippet: `<iframe src="http://pererrationhouyhnhnm.comicalcurriculum.net/player-hissing-skews-articulately/708758093631444445" width="423" height="526">`
 * I searched the source of that page of my site – nothing, I can’t find this iframe.
   I installed Sucuri Security – it said that the site is clean. I sent a request to Google
   to recheck my site and got an answer from them that my site still has this malware
   and this iframe…
 * What can I do?

Viewing 5 replies - 1 through 5 (of 5 total)

 *  [barnez](https://wordpress.org/support/users/pidengmor/)
 * (@pidengmor)
 * [11 years ago](https://wordpress.org/support/topic/malware-code-injection-please-help/#post-6125070)
 * Try a few other scanners:
 * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/)
   
   [http://wordpress.org/plugins/gotmls/](http://wordpress.org/plugins/gotmls/)
 * Also, you can upload a backup of your site to scan here:
    [https://www.virustotal.com/](https://www.virustotal.com/)
 * Keep in mind that even if you locate and remove the iframe, the question will
   remain of how it got there in the first place… This typically means that
   your site security has been compromised, and you have two choices:
 * a) restore your site from a known good backup (and of course change all passwords
   (WP dashboard/Cpanel/database) and [update your salt keys](https://digwp.com/2010/09/wordpress-security-keys/)).
   
   b) Work through the advice in the WordPress codex [here](https://codex.wordpress.org/FAQ_My_site_was_hacked).
 * Once resolved, you should consider implementing the advice in the [Hardening WordPress Codex](http://codex.wordpress.org/Hardening_WordPress).
 * Good luck!
 *  [Senff – a11n](https://wordpress.org/support/users/senff/)
 * (@senff)
 * [11 years ago](https://wordpress.org/support/topic/malware-code-injection-please-help/#post-6125073)
 * If you can’t find the actual code for that iframe in your source, then that’s
   definitely a clear indication you **have** been infected. Malware tends to inject
   itself rather sneakily — not by just adding it to the source, so it’s normal 
   that you wouldn’t find it right away.
 *  [Mark Ratledge](https://wordpress.org/support/users/songdogtech/)
 * (@songdogtech)
 * [11 years ago](https://wordpress.org/support/topic/malware-code-injection-please-help/#post-6125074)
 * Carefully follow [FAQ – My Site Was Hacked](https://codex.wordpress.org/FAQ_My_site_was_hacked).
 * Then take a look at the recommended security measures in [Hardening WordPress](https://codex.wordpress.org/Hardening_WordPress)
   and [Brute Force Attacks](http://codex.wordpress.org/Brute_Force_Attacks)
 * Change all passwords. Scan your own PC. Tell your web host you got hacked; and
   consider changing to a more secure host: [Recommended WordPress Web Hosting](http://wordpress.org/hosting/)
 * If you can’t do the work yourself, consider looking for a reputable person on
   freelancing sites such as [Elance](http://elance.com/). _(FYI, it’s **not** a
   good idea to respond to unsolicited emails from forum users offering to work
   for you.)_
 *  [LarsKumbier](https://wordpress.org/support/users/larskumbier/)
 * (@larskumbier)
 * [11 years ago](https://wordpress.org/support/topic/malware-code-injection-please-help/#post-6125079)
 * Please also note that some malware is quite sophisticated in hiding itself from
   the default security scanners and uses obfuscation to hide from a string search.
   I’ve encountered several malware infestations on some clients’ sites and none were found
   by Sucuri.
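
An added example, not part of the thread or of any plugin mentioned in it: a small Python check showing why a plain string search for `<iframe` can come up empty while the markup is still in a PHP file. It assumes the common case of base64 (optionally `gzinflate`) string literals; the function names, the sample file and the `malware.example` domain are constructed for illustration.

```python
import base64
import binascii
import re
import zlib

# Quoted PHP string literals long enough to hold an encoded payload.
LITERAL = re.compile(r"""(['"])([A-Za-z0-9+/=]{24,})\1""")

def _decode_candidates(blob):
    """Yield plausible decodings of one literal: plain base64, then inflated."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return  # not valid base64 (e.g. an ordinary long identifier)
    yield raw.decode("latin-1")
    try:
        # PHP gzinflate() is raw DEFLATE: negative wbits means no zlib header.
        yield zlib.decompress(raw, -15).decode("latin-1")
    except zlib.error:
        pass

def find_hidden(source, indicator, max_depth=5):
    """Return the decoding depth at which `indicator` appears, or None.

    Depth 0 is what a plain string search sees; depth n means the indicator
    only shows up after peeling n layers of encoding.
    """
    layer = [source]
    for depth in range(max_depth + 1):
        if any(indicator.lower() in text.lower() for text in layer):
            return depth
        layer = [decoded
                 for text in layer
                 for m in LITERAL.finditer(text)
                 for decoded in _decode_candidates(m.group(2))]
        if not layer:
            return None
    return None

# Constructed sample (not from the thread): a config-like PHP file whose
# iframe markup sits under two base64 layers; malware.example is a placeholder.
_inner = base64.b64encode(b"echo '<iframe src=\"http://malware.example/x\">';").decode()
_outer = base64.b64encode(f"eval(base64_decode('{_inner}'));".encode()).decode()
SAMPLE = f"<?php\ndefine('DB_NAME', 'wp');\neval(base64_decode('{_outer}'));\n"

if __name__ == "__main__":
    print("plain search hit:", "<iframe" in SAMPLE)
    print("found at depth:", find_hidden(SAMPLE, "<iframe"))
```

A result greater than 0 means the file needs manual review even though a text search and a signature scan both report it clean.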
 *  Thread Starter [Beshken](https://wordpress.org/support/users/beshken/)
 * (@beshken)
 * [10 years, 12 months ago](https://wordpress.org/support/topic/malware-code-injection-please-help/#post-6125535)
 * Yes, Sucuri was not the problem-solving plugin in this case, but we found malware
   in the wp-config file, changed all passwords, and now we’re keeping an eye on Sucuri
   every day. If even one file is changed, we’ll see it via the “Core integrity”
   function.
 * Hope it helps some other people having the same issue.
 * Thanks.
